Assistant Manager – (GRC) Information Security

Vitasta Consulting

  • Mumbai, Maharashtra
  • Permanent
  • Full-time
  • 1 month ago
Job Responsibilities

Other Skills
  • Strong understanding of enterprise risk management and third-party/vendor risk management.
  • Solid knowledge of security best practices (e.g., IS policies, endpoint security, secure coding).
  • Excellent communication, presentation, and stakeholder management skills.
  • Analytical mindset with the ability to assess complex risks and design practical mitigation strategies.
  • Project management skills to track GRC initiatives, audits, and remediation efforts.
Job Description
  • Lead and manage the GRC function across the IS department to ensure alignment with regulatory obligations and organizational goals.
  • Develop, implement, and track the GRC roadmap and strategy to proactively address evolving risks and regulatory requirements.
  • Facilitate governance meetings; draft content, document minutes, and track follow-up recommendation(s) of IS-related governance committees and Action Taken Report (ATR).
  • Design and maintain an enterprise-wide risk management program covering risk identification, assessment, mitigation, and validation.
  • Oversee and coordinate remediation plans for identified risks and policy exceptions; ensure timely closure and reporting.
  • Conduct periodic and ad-hoc risk assessments; maintain risk registers and track Key Risk Indicators (KRIs).
  • Coordinate closely with the SOC team, internal management, and external consultants to address audit findings and strengthen security posture.
  • Work collaboratively with internal teams to review and enhance security controls across trading systems, APIs, applications, databases, and network architecture.
  • Lead compliance activities with SEBI, NCIIPC, CERT-In, and other applicable Indian regulatory bodies; ensure alignment with global standards such as ISO 27001, SOC 2, and the NIST Cybersecurity Framework.
  • Track and ensure timely resolution of, or response to, regulatory requirements, guidelines, and communications within the defined timelines.
  • Drive vendor and third-party risk assessments; manage vendor attestations and certifications (ISO 27001, SOC 2, etc.).
  • Collaborate with internal stakeholders and external auditors during compliance reviews and prepare the necessary documentation.
  • Develop and maintain policies and procedures reflecting regulatory updates and industry best practices.
  • Oversee the implementation and continuous improvement of the Information Security Management System (ISMS) and IT General Controls (ITGC).
  • Coordinate and support internal and external audits; track and manage remediation activities.
  • Monitor emerging cybersecurity threats, regulatory updates, and technology trends; update policies and risk strategies accordingly.
  • Promote security awareness and training programs covering topics such as password hygiene, device security, and secure development practices.
  • Define and report on metrics to measure GRC program maturity, effectiveness, and risk posture to leadership and regulators.
  • Manage and maintain IS budget details and the required documentation.
  • Track and maintain payments to IS department vendors, including invoices, approval notes, and purchase orders (POs); review SLAs and release payments as per PO terms.

The last date for submission of applications for the above-mentioned position is Jul 07, 2025. Employees who have worked for at least two years in their existing department (and, in case of a designation change, a minimum of three years at the existing designation) can apply for this IJP...
Other Details
  • Relevant experience in Governance, Risk, and Compliance, preferably in financial services, fintech, or exchange environments.
  • Proven experience implementing and managing frameworks such as ISO 27001, SEBI CSCRF, the NIST Cybersecurity Framework, COBIT, etc.
  • Strong knowledge of the Indian regulatory landscape relevant to exchanges and financial institutions (SEBI, NCIIPC, CERT-In, etc.).
  • Hands-on experience coordinating audits, managing remediation plans, and working with internal and external stakeholders.
